Send in your ideas. Deadline December 1, 2024
logo
hex
Download
Download
Stay up to date
Mailinglist
Grant
Theme fund: NGI0 PET
Period: 2020-04 — 2022-10

GNU Mes: Full Source bootstrap

GNU Mes was created to address the security concerns that arise from bootstrapping an operating system using large, unauditable binary blobs, which is common practice for all software distributions.

Mes is a Scheme interpreter written in a simple subset of C and a C compiler written in Scheme and comes with a small, bootstrappable C library.

The Mes bootstrap has greatly reduced the size of opaque binaries that were needed to bootstrap GNU Guix, a functional GNU/Linux distribution that focusses on user freedom, reproducibility and security.

That reduction (from ~250MB to ~60MB) was achieved by first replacing GNU Binutils, GNU GCC and the GNU C Library with Mes. The second step was funded by NLnet (https://nlnet.nl/project/GNUMes) and replaced GNU Awk, GNU Bash, the GNU Core Utilities, GNU Grep, GNU Gzip, GNU SED, and GNU Tar with a more mature Mes, Gash and Gash-Utils.

The final goal is to help create a full source bootstrap for any interested UNIX-like operating system and non-intel architectures (see https://nlnet.nl/project/GNUMes-arm) This funding will enable us to take another big step forward and reach an important new milestone in creating more auditable secure software distributions.

Why does this actually matter to end users?

When you start up your computer, you will probably think twice before you download some random piece of software from the internet and run it. You know that doing so could allow unwelcome guests to your computer and your data. Your computer might even end up in a bot net. So when you see some nice piece of software, you will ask yourself the question: can I really trust the software? Perhaps you will check the origin it comes from. Better safe than sorry.

Did you miss checking something, though? What about the software that is already on your computer before you started? A computer is not much use without an operating system. While most computers are sold with an operating system, actually you have the choice to remove that and install something different. Have you thought about the trustworthiness of that fundamental piece of software - your most fundamental travel companion on the wild west of the internet? Trustworthiness is essential. When an operating system has a so called 'back door' (either intentionally or not), someone could extract whatever user data - like personal pictures or home movies - from your computer. And the worse thing: without you ever finding out. The operating system guards all the other software, and warns you when you install software from the internet. But itself, it doesn't have to ask for permission. Ever. It doesn't just have "access all areas": in fact, it runs the whole show.

With commercial software like Microsoft Windows or Mac OS X that you get delivered when you buy a computer, trust in what their closed operating system does will of course always be a leap of faith: as a user you essentially are given no choice. In proprietary systems you do not have the freedom to study the source code, or to control what really happens. So you either trust the vendor, or you'd better not use it. For an increasing amount of people, after the revelations from whistleblowers like Edward Snowden, that "leap of faith" is not so obvious anymore. They prefer to use free and open source operating systems like GNU Linux, FreeBSD and OpenBSD. These are technology commons: the people that wrote the software allow you to inspect the source code. Even more so, they give you the source code to do anything with it that you like. So you don't just blindly have to take their word for it and trust them, you can take matters into your own hands.

But until now, there were some parts that would escape introspection. You would have to trust them, not because the people involved didn't want to share everything with you - but because they couldn't. When an operating system is loaded, you need to get the computer into a state from where it can manage itself. The necessary software is poetically called a "binary seed", because it is, well, a very very long string of bits. In fact, a few hundreds of millions of bits. And of course, that amount of information without any hints or cues as to how they interact are rather hard to grasp - and thus a potential point of risk.

What if we could get the computer into the right state through a different path? The GNU Mes project aims to replace the traditional "binary seed" by something orders of magnitude smaller. The really clever and innovative part is that they will add the more complex parts to a "second stage", which is being created from scratch by the project, in a human understandable programming language. This two stage approach allows to make all of computing more trustworthy, in a very controlled way - and will grant our future selves the ability to use computers without taking a leap of faith. If the project succeeds, it will make a very fundamental contribution to the security of the next generation internet. NGI Zero has funded this project before and continues to support the work done.

Run by joy of source

Logo NLnet: abstract logo of four people seen from above Logo NGI Zero: letterlogo shaped like a tag

This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.